No SMB spreader

The GandCrab ransomware has slowly become the most widespread ransomware strain in use today. Version 4.1.x, in particular, has recently grabbed some headlines.

Back at the start of the month, a security researcher spotted that GandCrab had added support for the EternalBlue NSA exploit, suggesting the ransomware could use it to spread to other nearby computers on the same network via the SMB protocol. But in a later report, Fortinet said this self-propagation routine doesn't seem to be used by the ransomware at all.

The GandCrab authors have also continued their habit of mentioning the names of security researchers in the ransomware's source code. While Emsisoft's Fabian Wosar was named in v3 and independent security researcher Daniel J. Bernstein in v4, they are now referencing Fortinet and AhnLab in v4.1.2.

Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.